Posts posted by RandyM

  1. Two professors have attempted to access our web mail system from home. Both are using MalwareBytes Premium 4.3.0 with Real-Time Protection.

    They are allowed to log in but receive an error that the web site is being blocked because of phishing. The behavior began this morning (Monday). The server is law.stcl.edu (207.81.174.171).

  2. I am assuming no one has any ideas. Apparently tech support does not either.

    I sent logs, files, etc. regarding the above on Friday, July 7. 

    I was thrilled to get a response that same day that I had a new Tech support engineer and he was escalating the case.

    I emailed Monday, July 10 to see if there was any progress. I received a reply (again same day) that they would have an update for me on Tuesday, July 11.

    No email on July 11. I emailed July 12 - no response. I emailed July 13 - no response. It is Monday, July 17 - still nothing.

  3. Tech support got back to me with the syntax to run mb-clean-managed through gp. But - We still have duplicates.

     
    I used GPOs to create a folder on each domain (c:\mbam) and copy mb-clean-managed.msi into that folder. The GPO then scheduled the cleaner to run.
     
    After the cleaner ran, I removed all the clients from the console. They were all just in the default "Ungrouped Clients" list. I gave it a few hours, just to make sure no clients checked in to the server just in case I missed any.
     
    Then, I created a fresh group (manually not an OU import) called "fXXXXXX". I also created a new Policy to assign to them all. I then did a push install. Everything went well.
     
    The next morning I found several duplicates in the management console. Below is an example -
     
    jmXXXX800 and gXXXX800 were both installed yesterday (Thursday) afternoon. They registered with the server and everything looked good. This morning, there were two gXXXX800's and jmXXXX800 has disappeared. The system log of one gXXXX800 shows all entries were for gXXXX800 with the correct IP and MAC address. The system log for the second gXXXX800 shows that all the entries were for jmXXXX800 until 5:51 a.m. this morning. The entries listing jmXXXX800 have that computer's IP and MAC address. Starting at 5:51 a.m. the entries switched to gXXXX800 and list that computer's IP and MAC.
     
    We have checked the following to eliminate them as possibilities.
     
    1. Both domain controllers were functioning fine and do not show any events around this time.
    2. There were no issues with DHCP or DNS.
    3. The event logs on gXXXX800 and jmXXXX800 do not show any errors or critical events around this time.
    4. Nagios XI did not log any events around this time.
    5. 5:51 a.m. is outside our window for backups, updates, scans, etc.
     
    While I wait for tech support, does anyone have any ideas?
  4. We have used Malwarebytes for 2 years. We are licensed for 250 clients but typically have only 180-190 managed. In early June I upgraded our server to 1.8.0.3443 and pushed updated clients to all our workstations. Up until the upgrade, things had been working well. The day after I pushed the new clients I had duplicates in my console. For example, instead of computer ABC being listed once, it was listed twice (same name, IP, and MAC). From the console, if you looked at the system log for one of the two, all the entries consistently listed the machine with the same name, etc. On the second entry, the system log showed that the machine originally had a different name, IP, and MAC that at some point changed. For some duplicates the system log showed that an entry would change back and forth from its original name, IP, and MAC to the one it finally ended up with.

    After a few days, tech support said that the problem was that I was using the express SQL instead of a full blown install. So, we built a new management server (Win 2012 R2, MS SQL 2014) and gave it the same name and IP as our original server. Clients did not automatically register so I did a search (all were registered to a different server) and pushed the Malwarebytes client back out to them. Machines registered and everything was looking good until the next morning when I once again had duplicates (same as above).

    This time tech support said I needed to download and run mb-clean-managed.msi. We ran it on a few and reinstalled the client. So far, those machines have not "duplicated" while others have. My questions, (1) why? (the tech support person had no explanation) and (2) are there any command line switches so I can push this through a GPO? Although this post is reasonably short, my frustration level is pretty high in that the tech support back and forth was a series of short emails over a 3-4 week period.  
